sp3n - stock.adobe.com

UK biometrics strategy criticised for lack of content

The long-awaited government biometrics strategy falls short of the mark, say critics, failing to provide a detailed and coherent strategy or governance framework

The government has published its long-overdue biometrics strategy, but the short document fails to make any strong recommendations on the future use of biometics and how that will be governed or set any firm policy objectives.

In the foreword, minister of state for the Home Office Susan Williams writes that through implementing and consulting on the commitments made in the strategy, the aim is to increase public confidence in government’s use of biometric data.

But independent biometrics commissioner Paul Wiles said although the strategy is to be welcomed as the basis for a more informed public debate on the future use of biometrics, it does little more than laying out the current uses of biometric data and the development of new multi-user data platforms.

“Unfortunately the strategy says little about what future plans the Home Office has for the use of biometrics and the sharing of biometric data,” he said.

According to Wiles, a debate is needed in light of the rapid improvements in biometric matching technologies and the increasing ability to hold and analyse large biometric databases.

“While the use of biometric data may well be in the public interest for law enforcement purposes and to support other government functions the public benefit must be balanced against loss of privacy,” he said.

Norman Lamb, chairman of Parliament’s Commons Science and Technology Select Committee, said that coming four years after it was first promised, the 27-page document does not do justice to the critical issues involved.

“Specific issues relating to the way facial images are being collected and retained by the police have not been properly addressed. The ‘strategy’ seems to boil down to setting up an advisory ‘board’ to suggest policy recommendations to government, rather than telling us what actions the government will take and, just as importantly, what outcomes it wants to avoid.

“The government’s decision to launch a 12-month consultation on strengthening governance structures for biometrics [para 40] smacks of continuing to kick the can down the road. It seems that we may have to wait a fifth year before a proper strategy is produced, which is simply not good enough,” he said.

In its report on the government’s biometrics strategy and forensics published in May, the Science and Technology Committee said there are serious ethical implications with the use and retention of facial images, which government must take action to solve through the use of better IT.

The biometrics commissioner said biometric data is especially sensitive because it is the most intrusive of individual privacy and, for that reason, who decides the balance is as important as what is decided.

“Legislation carries the legitimacy that Parliament decides that crucial question. It is disappointing that the Home Office document is not forward looking as one would expect from a strategy. In particular, it does not propose legislation to provide rules for the use and oversight of new biometrics, including facial images,” said Wiles.

This is in contrast to Scotland where such legislation has been proposed. “Given that new biometrics are being rapidly deployed or trialled, this failure to set out more definitively what the future landscape will look like in terms of the use and governance of biometrics appears short sighted at best,” he said.

Commenting on the document’s proposal of an oversight and advisory board to make recommendations about governance just short of legislation, the biometrics commissioner said if that results in the development of a set of principles to inform future legislation, then it is also welcome.

However, Wiles said the advisory board is mainly described as concerned with the use of facial images by the police.

“What is actually required is a governance framework that will cover all future biometrics, rather than a series of ad hoc responses to problems as they emerge,” he said.

“I hope that the Home Office will reconsider and clearly extend the advisory board’s remit to properly consider all future biometrics, and will name the board accordingly.”

Lawless facial recognition surveillance by police

Big Brother Watch director Silkie Carlo described the biometrics strategy as a “major disappointment”, adding that it “reads like a late piece of homework with a remarkable lack of any strategy”.

While Big Brother Watch and others are doing serious work to analyse the rights impact of the growing use of biometrics, she said the the Home Office appears to lack either the will or competence to take the issues seriously.

“For a government that is building some of the biggest biometric databases in the world, this is alarming. Meanwhile, the Met today is surveilling Londoners with facial recognition cameras that they have no legal basis to even use.

“The situation is disastrously out of control. Anyone concerned should support our CrowdJustice campaign to put an end to lawless facial recognition in the courts,” she said.

Big Brother Watch is calling on the government and the Metropolitan Police to immediately end the police's “lawless use” of “dangerously authoritarian” facial recognition cameras.

According to the privacy and civil liberties group, these real-time facial recognition cameras are “biometric checkpoints”, identifying members of the public without their knowledge.

The CrowdJustice campaign has set a crowdfunding target of raising £5,000 by 14 July 2018 for legal action if the Met police fail to respond to the call to stop using facial recognition cameras.

On the topic of the retention of images of people held in police custody who have not been convicted, which has been ruled unlawful, the strategy merely states that current systems do not support the automatic removal of images, and that new systems should help.

“When the Law Enforcement Data Service – which will replace the Police National Computer and the Police National Database – is in place, it will enable more efficient review,” it said.

“Where appropriate, [it will also enable] automatic deletion of custody images by linking them to conviction status, more closely replicating the system for DNA and fingerprints.”

On the topic of the police’s use of automated facial recognition, the document merely pledges that the Home Office will work with regulators to update codes of practice.

It also pledges to “ensure that standards are in place to regulate the use of AFR [automatic facial recognition] in identification before it is widely adopted for mainstream law enforcement purposes”, but it does not provide a detailed explanation of how these standards would be developed or what they might include.

Read more about police IT

Read more on Privacy and data protection

Data Center
Data Management